BLUF: The cybersecurity world is full of principles; principles about patching, passwords, physical security, phishing and firewalls. But until now, there has been little legal precedent supporting these principles—and that can make principles difficult to enforce.
This article by Rachael Falk, writing for ASPI, makes the following points:
- The past month has served up two landmark cases that will help establish a new level of precedent for cybersecurity in Australia.
- In one case, a company—RI Advice—had inadequate cybersecurity controls and failed to remedy the issue, despite being aware of it. This resulted in sensitive client information being compromised multiple times and one client losing $50,000. In addition to a settlement, the company was ordered to pay $750,000 towards ASIC’s legal costs.
Both cases deserve immediate attention from senior management, boards and directors as Australia navigates a new era of cybersecurity responsibility.